Computer Security


Cisco Unified Communications Manager / Cisco Intercompany Media Engine / Cisco TelePresence Codecs DoS
updated since 30.08.2011
Published:20.09.2011
SecurityVulns ID:11882
Type:remote
Threat Level:6/10
Description:Crash on Service Advertisement Framework (SAF) packet parsing, crash on SIP processing, connection flood DoS.
Affected:CISCO : Unified Communications Manager 6.1
 CISCO : Unified Communications Manager 7.0
 CISCO : Unified Communications Manager 8.5
 CISCO : Intercompany Media Engine 8.0
 CISCO : TelePresence C40
 CISCO : TelePresence C60
 CISCO : TelePresence C90
 CISCO : TelePresence E20
 CISCO : TelePresence EX60
 CISCO : TelePresence EX90
 CISCO : TelePresence 6000 MXP
 CISCO : TelePresence 9000 MXP
CVE:CVE-2011-2577 (Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500.)
 CVE-2011-2564 (Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417.)
 CVE-2011-2563 (Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669.)
 CVE-2011-2562 (Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256.)
 CVE-2011-2561 (The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990.)
 CVE-2011-2560 (The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162.)
 CVE-2011-2544 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.)
 CVE-2011-2543 (Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496.)
Original document:lists_(at)_senseofsecurity.com, Cisco TelePresence Multiple Vulnerabilities - SOS-11-010 (20.09.2011)
 CISCO, Cisco Security Advisory: Denial of Service Vulnerability in Cisco TelePresence Codecs (05.09.2011)
 CISCO, Cisco Security Advisory: Denial of Service Vulnerabilities in Cisco Intercompany Media Engine (30.08.2011)

Microsoft Office multiple security vulnerabilities
updated since 16.09.2011
Published:20.09.2011
SecurityVulns ID:11909
Type:client
Threat Level:7/10
Description:Multiple Excel memory corruptions, Word uninitialized pointer dereference, unsafe DLL loading.
Affected:MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
 MICROSOFT : Office 2010
CVE:CVE-2011-1990 (Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability.")
 CVE-2011-1989 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability.")
 CVE-2011-1988 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Heap Corruption Vulnerability.")
 CVE-2011-1987 (Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability.")
 CVE-2011-1986 (Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability.")
 CVE-2011-1982 (Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability.")
 CVE-2011-1980 (Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability.")
Original document:VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel Formula Record Heap Corruption Vulnerability (20.09.2011)
 IDEFENSE, iDefense Security Advisory 09.13.11: Adobe Reader and Acrobat JPEG Processing Use After Free Vulnerability (16.09.2011)
 IDEFENSE, iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability (16.09.2011)
 IDEFENSE, iDefense Security Advisory 09.13.11: Microsoft Excel Record Integer Signedness Vulnerability (16.09.2011)
 IDEFENSE, iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability (16.09.2011)
Files:Microsoft Security Bulletin MS11-072 - Important Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
 Microsoft Security Bulletin MS11-073 - Important Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)

Microsoft Sharepoint multiple security vulnerabilities
updated since 16.09.2011
Published:20.09.2011
SecurityVulns ID:11910
Type:remote
Threat Level:6/10
Description:Cross-site scripting, code injection, information disclosure.
Affected:MICROSOFT : SharePoint Server 2007
 MICROSOFT : SharePoint Workspace 2010
 MICROSOFT : Office Groove 2007
 MICROSOFT : Office Forms Server 2007
 MICROSOFT : SharePoint Server 2010
CVE:CVE-2011-1893 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability.")
 CVE-2011-1892 (Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability.")
 CVE-2011-1891 (Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability.")
 CVE-2011-1890 (Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability.")
 CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability.")
 CVE-2011-0653 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability.")
Original document:Nicolas Grégoire, XEE vulnerabilities in SharePoint (MS11-074) and DotNetNuke (20.09.2011)
 Irene Abezgauz, Seeker Advisory Sep11: Reflected Cross Site Scripting in Microsoft SharePoint Portal (16.09.2011)
 Irene Abezgauz, Seeker Advisory Sep11: Insecure Redirect in Microsoft SharePoint Portal (16.09.2011)
Files:Microsoft Security Bulletin MS11-074 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:20.09.2011
SecurityVulns ID:11912
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:EZ : eZ Flash Tag Cloud 1.0
 SIT : Support Incident Tracker 3.64
 MANAGEENGINE : ServiceDesk Plus 8.0
 NORTEL : Nortel Contact Recording Centralized Archive 6.5
CVE:CVE-2011-1510 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.)
 CVE-2011-1509 (The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.)
Original document:rgod, Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit (20.09.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-016] SAP WebAS Malicious SAP Shortcut Generation (20.09.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-015] SAP WebAS webrfc Cross-Site Scripting (20.09.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service (20.09.2011)
 Alexandr Polyakov, [DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked XSS vulnerability (by ERPScan) (20.09.2011)
 Alexandr Polyakov, [DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose (by ERPScan) (20.09.2011)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus (20.09.2011)
 High-Tech Bridge Security Research, Multiple vulnerabilities in SiT! Support Incident Tracker (20.09.2011)
 MustLive, Update: Vulnerability in plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion, Magento and Sweetcron (20.09.2011)

librsvg code execution
Published:20.09.2011
SecurityVulns ID:11913
Type:library
Threat Level:5/10
Description:Code execution on SVG file parsing.
Affected:LIBRSVG : librsvg 2.32
CVE:CVE-2011-3146 (librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.)
Original document:UBUNTU, [USN-1206-1] librsvg vulnerability (20.09.2011)

FortiMail Messaging Security Appliance cross-site scripting
Published:20.09.2011
SecurityVulns ID:11914
Type:remote
Threat Level:5/10
Description:Cross-site scripting in web administration module.
Affected:FORTINET : FortiMail 100
 FORTINET : FortiMail 400
Original document:sschurtz_(at)_t-online.de, XSS vulnerability in FortiMail Messaging Security Appliance (20.09.2011)

HP Network Node Manager i DoS
Published:20.09.2011
SecurityVulns ID:11915
Type:remote
Threat Level:5/10
CVE:CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.)
 CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.)
 CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.)
 CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.)
 CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.)
 CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.)
 CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.)
 CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.)
 CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.)
 CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.)
Original document:HP, [security bulletin] HPSBMU02703 SSRT100242 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification (20.09.2011)

Colasoft Capsa DoS
Published:20.09.2011
SecurityVulns ID:11916
Type:remote
Threat Level:5/10
Description:Crash on SNMP packet parsing.
Affected:COLASOFT : Capsa 7.2
Original document:vuln_(at)_nipc.org.cn, Colasoft Capsa7.2.1 Malformed SNMP Packet Denial of Service (20.09.2011)

HP Business Service Automation Essentials code execution
Published:20.09.2011
SecurityVulns ID:11917
Type:remote
Threat Level:5/10
Affected:HP : Business Service Automation Essentials 2.01
CVE:CVE-2011-2412 (Unspecified vulnerability in HP Business Service Automation (BSA) Essentials 2.01 allows remote attackers to execute arbitrary code via unknown vectors.)
Original document:HP, [security bulletin] HPSBMU02705 SSRT100622 rev.1 - HP Business Service Automation (BSA) Essentials, Remote Execution of Arbitrary Code (20.09.2011)

Cisco Unified Service Monitor / Cisco Unified Operations Manager / CiscoWorks LAN Management / EMC Ionix buffer overflow
Published:20.09.2011
SecurityVulns ID:11918
Type:remote
Threat Level:5/10
Description:Buffer overflow on TCP/9002 network packet parsing.
Affected:EMC : Ionix Adapter for Alcatel-Lucent 5620 SAM EMS 3.2
 EMC : Ionix IP Management Suite 8.1
 EMC : Ionix Ionix Service Assurance Management Suite 8.1
 EMC : Ionix Ionix VoIP Availability Management Suite 4.0
 CISCO : CiscoWorks LAN Management Solution 3.1
 CISCO : CiscoWorks LAN Management Solution 3.2
 CISCO : CiscoWorks LAN Management Solution 4.0
 CISCO : Unified Service Monitor 8.6
 CISCO : Unified Operations Manager 8.6
CVE:CVE-2011-2738 (Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.)
Original document:CISCO, Cisco Security Advisory: Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities (20.09.2011)
 CISCO, Cisco Security Advisory: CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities (20.09.2011)
 EMC, ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products (20.09.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod